can someone please give me some advice on debugging and security matters.......

I am working on a script to insert data in a DB and it got me stuck on an error which I think is being caused by the escape string or the $sql query. Tried changing the order of events....without the escapestring.....and some random things but it keeps giving me:

ERROR: 1064You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(dt, username, email, pwd)values('Saturday 7 April 2012 14:11:42', '1', '2', '8'' at line 1

.....should the end not be '8')' ?

There are no Stupid Questions....just Stupid ppl who refuse to answer any.

my game is http://www.hyperiums.com. been playing it over 10 years and looking forward to 10 more...nice, clean, simple and a big international playerbase.

"I fear the day that technology will surpass our human interaction. The world will have a generation of idiots."

The greatest difficulty in programming is not in finding answers, but in asking yourself the right questions. -- If nobody has said it before, then I'd like to take credit of thinking this up (during summer of 2010).
"Complex problems often have the simplest solutions" -- Not sure who said that first.
=== My projects (all feedback welcomed) ===
XML_XSLT2Processor (0.5.3) - perform XSLT 2.0 transformations in PHP.
PEAR2_Net_Transmitter (1.0.0a4) - reliable sockets.
PEAR2_Cache_SHM (0.1.2) - persistent data storage wrapper.
=== Useful tools ===
NetBeans - full featured PHP IDE, as well as a decent code editor for other things.
Fiddler2 - The best free HTTP debugger. Performance tuning, security check, integrity check, custom requests and more, all made easy.
Gobby - That's NOT my Nickname! Look at the topic.

Posted 13 April 2012 - 05:01 PM

mysql_real_escape_string() will always be the last one which you will use before using it in a query.

Escaping is for the characters which have special meanings to the database, so it is just escaped when it is executed by the database engine. Once it is executed it will be the same character. It does not change the value in the end. Once the query is executed there is no meaning to the escaping, thus you can't see the escaping characters in the database.

mysql_real_escape_string() takes $username, and turns it into something which can be placed safely between apostrophes in an SQL query. This something is, in this case, stored in $res_username.

Suppose $username contained an apostrophe, like "O'Reilly". If you just place that in an SQL query, like:

"INSERT INTO users (username) VALUES ('$username')"

the result would be

INSERT INTO users (username) VALUES ('O'Reilly')

which results in a syntax error.

mysql_real_escape_string() handles this character, among others, by "escaping" it, so that

"INSERT INTO users (username) VALUES ('$res_username')"

would look like

INSERT INTO users (username) VALUES ('O\'Reilly')

which is a valid SQL query. One which results in "O'Reilly" being inserted into the DB.

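Added example (not part of the original thread and not any poster's code): the "O'Reilly" insert from the posts above, run three ways, showing that the raw query fails, that escaping leaves the stored value unchanged, and that a prepared statement needs no escaping at all. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the `users` table and variable names follow the post, everything else is constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (how TEXT, username TEXT)');

$username = "O'Reilly"; // constructed sample input

// 1) Raw concatenation: the apostrophe closes the string literal early,
//    so the database rejects the statement with a syntax error.
try {
    $db->exec("INSERT INTO users (how, username) VALUES ('raw', '$username')");
} catch (PDOException $e) {
    echo "raw query rejected: ", $e->getMessage(), "\n";
}

// 2) Escape as the last step before building the query. PDO::quote() adds
//    the surrounding apostrophes and escapes the value for this driver
//    (SQLite doubles the apostrophe; the MySQL driver produces the
//    backslash form shown in the post).
$res_username = $db->quote($username);
echo "escaped literal: $res_username\n";
$db->exec("INSERT INTO users (how, username) VALUES ('escaped', $res_username)");

// 3) Prepared statement: the value is sent separately from the SQL text,
//    so it is never parsed as SQL and needs no escaping.
$stmt = $db->prepare('INSERT INTO users (how, username) VALUES (?, ?)');
$stmt->execute(['prepared', $username]);

// The escape characters exist only in the query text. What is stored is
// the original value, identical for both working variants.
foreach ($db->query('SELECT how, username FROM users') as $row) {
    $same = ($row['username'] === $username) ? 'unchanged' : 'CHANGED';
    echo "{$row['how']}: {$row['username']} ($same)\n";
}
```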